Open Access

Security Process Capability Model Based on ISO/IEC 15504 Conformant Enterprise SPICE

Antanas Mitasiunas
Antanas Mitasiunas
, 
Leonids Novickis
Leonids Novickis
 and 
Rimas Kalpokas
Rimas Kalpokas
   | Sep 02, 2014
Applied Computer Systems's Cover Image
About this article
Previous Article
Next Article
Cite
Published Online: Sep 02, 2014
Page range: 36 - 41
DOI: https://doi.org/10.2478/acss-2014-0006
Keywords
© Riga Technical University
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.

[1] Mangin, O., Barafort, B., Heymans, P., Dubois, E.: Designing a Process Reference Model for Information Security Management Systems. In: Mas, A., Mesquida, A., Rout, T., O’Connor, R.V., Dorling, A (Eds.) SPICE 2012, CCIS, vol. 290, Heidelberg, Springer (2012), p. 129-140.Search in Google Scholar

[2] Barafort, B., Humbert, J.P., Poggi, S.: Information security management and ISO/IEC 15504: the link opportunity between security and quality. In Proceedings of the 6th International SPICE Conference on Process Assessment and Improvement (SPICE 2006), Luxembourg, (2006): http://alpha.nyit.edu/som/faculty/khoo/spring2012/mist757/others/wp13 _spice.pdfSearch in Google Scholar

[3] Information Security Management Systems (ISMS), BSI-Standard 100-1, Version 1.5. May, 2008, www.bsi.bund.deSearch in Google Scholar

[4] IT-Grundschutz Methodology, BSI-Standard 100-2, Version 2.0. May 2008, www.bsi.bund.deSearch in Google Scholar

[5] Boronowsky, M., Woronowicz, T., Mitasiunas, A. BONITA - Improve Transfer from Universities for Regional Development. The Proceedings of the 3rd ISPIM Innovation Symposium held in Quebec City, 2010: http://www.ispim.org/members/proceedings/Quebec10/commonfiles/file s/26728727_Paper.pdfSearch in Google Scholar

[6] Cloud Computing. Benefits, risks and recommendations for information security. European Network and Information Security Agency (ENISA), 2009: https://www.enisa.europa.eu/activities/riskmanagement/ files/deliverables/cloud-computing-risk-assessmentSearch in Google Scholar

[7] CMMI-ACQ, 2010. CMMI for Acquisition, Version 1.3. Software Engineering Institute: www.sei.cmu.edu/reports/10tr032.pdfSearch in Google Scholar

[8] CMMI-DEV, 2010. CMMI for Development, Version 1.3. Software Engineering Institute: www.sei.cmu.edu/reports/10tr033.pdfSearch in Google Scholar

[9] CMMI-SVC, 2010. CMMI for Services, Version 1.3. Software Engineering Institute: www.sei.cmu.edu/reports/10tr034.pdfSearch in Google Scholar

[10] Enterprise SPICE An Integrated Model for Enterprise-wide Assessment and Improvement. Technical Report - Issue 1. The Enterprise SPICE Project Team, September 2010, p. 184, www.enterprisespice.com/page/publication-1Search in Google Scholar

[11] Ibrahim, L., Bradford, B., Cole, D., LaBruyere, L., Leinneweber, H., Piszczek, D., Reed, N., Rymond, M., Smith, D., Virga, M., Wells, C. FAA-iCMM. The Federal Aviation Administration Integrated Capability Maturity Model for Enterprise-wide Improvement. U.S. Federal Aviation Administration, published by FAA (2001), p. 480.Search in Google Scholar

[12] Ibrahim, L., Jarzombek, J., Ashford, M., Bate, R., Croll, P., Horn, M., LaBruyere, L., Wells, C., 2004. Safety and Security Extensions for Integrated Capability Maturity Models. U.S. Federal Aviation Administration: https://buildsecurityin.uscert. gov/sites/default/files/SafetyandSecurityExt-Sep2004.pdfSearch in Google Scholar

[13] ISO/IEC 15504-2, 2003. Information Technology - Process Assessment - Part 2: Performing an Assessment. ISO, Geneva (2003), p. 26Search in Google Scholar

[14] ISO/IEC 15504-5, 2006. Information Technology - Process Assessment - Part 5: An Exemplar Process Assessment Model. ISO, Geneva (2006), p.172Search in Google Scholar

[15] ISO/IEC 15504-10, 2011. Information Technology - Process Assessment - Part 10: Safety Extension. Technical specification. ISO, Geneva (2011). p.32Search in Google Scholar

[16] Mesquida, A. L., Mas, A., Amengual, E. An ISO/IEC 15504 Security Extension. In: Rout, t., O’Connor, R.V., Rout, T., MaCaffery, F., Dorling, A (Eds.) SPICE 2011, CCIS, vol. 155, Heidelberg, Springer (2011), p.64-72Search in Google Scholar

[17] Mitašiūnas, A., Novickis, L. Enterprise SPICE based education capability maturity model. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR 2011 Workshops. LNBIP, vol. 102-116, Heidelberg, Springer (2012), p. 106-116Search in Google Scholar

[18] Novickis, L., Lesovskis, A., Mitasiunas, A. Technology Transfer Model and Web-based Solution for Transport Logistics Service Providers. Proceedings of the European Computing Conference (ECC’11), Wisconsin, USA , WSEAS, Stevens Point (2011), p. 65-74Search in Google Scholar

[19] +SAFE. A Safety Extension to CMMI-DEV, version 1.2. Software Engineering Institute, 2007: http://www.sei.cmu.edu/reports/07tn006.pdfSearch in Google Scholar

[20] Sunyaev, A., Schneider, S. Cloud Services Certification. Communications of the ACM. Volume 56, issue 2 (2013), p. 33-36. http://dx.doi.org/10.1145/2408776.240878 Search in Google Scholar

eISSN:
2255-8691
Language:
English
Publication timeframe:
2 times per year
Journal Subjects:
Computer Sciences, Artificial Intelligence, Information Technology, Project Management, Software Development
Journal RSS Feed